Xiaomi

Xiaomi

Basic information
Founded	2010
Legal Structure	Public
Industry	Electronics, Computer Hardware, Automotive
Also known as
Official website	https://www.mi.com/

Xiaomi Corporation is a Chinese multi-national corporation and technology company headquartered in Beijing, China. It is best known for its consumer electronics, software, and electric vehicles. As of 2021, it is the second largest smart phone manufacturer in the world.^[1]

Main article: Xiaomi's disclosure of kernel sources

Although Xiaomi's devices run on an operating system based on the Linux kernel, which is licensed under GPLv2, the company does not disclose all of their operating system source code on GitHub, as required by GPL terms.

Main article: Xiaomi Phone unlock requirements and procedure

Phones sold outside of China come with an unlock-able bootloader, however the unlocking process is heavily restricted.

For devices with a broken bootloader, recovery typically involves re-flashing firmware through Emergency Download (EDL) mode (for Qualcomm-based devices) or Download Mode (for MediaTek-based devices). While Qualcomm and MediaTek provide software for these modes, they are only distributed internally to repair centers. However, open-source alternatives exist that can perform similar functions.

Despite this, Xiaomi implemented additional restrictions in 2020 by requiring online authentication, which is exclusively provided to authorized repair centers. This prevents users from restoring their own devices in cases of severe software failure.^[2]

Owners of the electric vehicle Xiaomi SU7 report authentication errors after replacing parts such as headlights. Officials have said the Xiaomi SU7 cannot complete over the air software updates unless upgrade-able parts have Xiaomi-approved identification keys.^[3][4]

Electric scooters such as Xiaomi Electric Scooter 4 Lite (2nd Gen) will require activation before it can be used. This activation can only be done via the Xiaomi Home mobile application. In order to use the application, the User Agreement and Privacy Policy must be agreed to and a Xiaomi account created.^[5]

Xiaomi devices come with several pre-installed first-party apps that contain advertisements, including full-screen deceptive scareware ads urging users to install malware. Workarounds exist to disable ads in some apps, including Mi File Explorer, Mi Browser, MIUI Downloads, MIUI Security, Mi Music, Mi Video and MIUI Themes.^[6] In many of their phones such as the cheaper Poco phones, a system app that can't be searched through normal means called "MSA" should also be revoked or uninstalled via ADB as it introduces ads most of the time a user opens up the phone.^[7]

Most of the aforementioned apps can be substituted for FOSS alternatives, but they cannot be uninstalled without advanced methods such as ADB.

In 2020, it was revealed that Xiaomi phones send vast amounts of data to Xiaomi, including browsing history, folders opened, and many other things users do on their phones. Xiaomi insists that privacy is not affected, but none of their statements really contradict the allegations of vast data collection.^[8]

Most of the data is sent to servers in Singapore which belong to Chinese tech giant Alibaba Cloud. Users can verify themselves which connections are made by using the connection log feature in an app such as No Root Firewall, NetGuard or Tracker Control. This shows the phones sometimes suddenly becoming very "chatty", even in the middle of the night.

The only way to mitigate this is to use a custom "ROM" such as /e/ or LineageOS. Users who do not have the technical skill to do this should use an app like Tracker Control from the F-Droid store to limit connections and use an alternate browser such as Firefox (Google Play Store) or Fennec (F-Droid store). Built-in applications should be avoided as much as possible.

As a Chinese company, Xiaomi is under direct control of the Chinese government led by the Chinese Communist Party. China is an autocratic dictatorship and a surveillance state, which users should take into consideration when using internet-connected software and hardware products from the country. The company cannot deny requests from the Chinese state for user data and must collaborate unconditionally in state espionage cases. This law also applies extra-territorially and thus user data world-wide is affected.

Some phone models display a cartoon of Mitu, the Xiaomi mascot bunny performing maintenance on the iconic Android logo robot when booted into fast-boot mode by holding down the corresponding button combination, which differs between phone models. This mascot is wearing an olive-green fur hat that is part of the communist pioneer uniform and bears the characteristic red star on its front, emphasizing the patriotic stance of the company.^[9]

Xiaomi smartphones out-of-the-box run on their custom version of Android known as HyperOS (formerly MIUI), which comes bundled with a plethora of pre-installed first- and third-party apps. The pre-installed third-party apps can be easily uninstalled with a few clicks whereas the same is not applicable for the pre-installed first-party apps. The option to uninstall them is either grayed out or just outright missing, requiring advanced methods such as ADB to uninstall.^[10]

In March 2026, German consumer organization Stiftung Warentest reported that Xiaomi phones had distributed system notifications posing as news from Tagesschau, Germany's highly regarded public broadcast news programme, which also has a popular app which has the ability to send notifications for breaking news.

The notifications in question was emitted by Xiaomi's system Browser app and led users to a replica of the original Tagesschau website, which contained an investment scam.

Stiftung Warentest cites Xiaomi representatives stating the incident was being taken seriously and investigated internally. They also state that Xiaomi is "working with a series of global content providers, which my vary by region or country, to deliver push messages to users".^[11]

The incident raises concerns about Chinese state actors having the ability to distribute fake news or propaganda in other countries via phone notifications. However, there is currently no evidence of this actually being exploited in practice.

Users can only reasonably protect themselves by moving to an open source operating system (custom ROM), provided that their device allows for bootloader unlocking and is supported by the respective operating system.

Xiaomi's ecosystem of smart home devices is primarily managed through the Xiaomi Home (formerly Mi Home) application. Xiaomi does not provide a browser-based control panel for managing devices. Users must install the proprietary Xiaomi Home app on their smartphones. For desktop usage, the only workaround is to run an Android emulator, as there is no official native application for Windows, Linux, or macOS.^[12]

Xiaomi has a series of smart watches and fitness bands. While watches are expected to be used alongside a phone, requiring Bluetooth synchronization therefore activation, fitness bands such as the Mi Band series or Redmi Band series could be expected not being used with a phone for sports functions such as heart rate monitoring, steps counting and more. But they need pairing to be first turned on. Pairing requires installing the Mi Fitness app, agreeing to its terms and services and creating an account in order to use the device.

Xiaomi forces you to buy their proprietary air filter, otherwise the air purifier doesn't work. Wasn't always like that, it came with an update and today you cannot use your air purifier without Xiaomi's original parts. A solution has been proposed here.